When a Name Server looks up a domain for the IP address, it stores the information into the cache so it doesn’t have to look it up every single time a request is made. For example, if someone looks for www.nishv.com the DNS server will look up the domain and stores the IP address 72.52.178.35 into the cache for a given time so it doesn’t have to look up that domain again for a given period of time.

DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a DNS Server that did not originate from authoritative DNS sources.

It happens when an attacker sends malicious data in response to a DNS query. For example, DNS query for www.nishv.com can be redirected to another website.

This method is taking the phishing scam to another level, you might be visiting your bank’s website but without you realising it, you will actually be putting in all the login information into some hackers servers which made it look exactly like the bank’s website. Yes, this is very serious!

How do you patch it?

On the client side (we are talking about Microsoft Windows here), your machines should have been patches automatically if you set the Auto-Update option. If not, I recommend you check the available updates and patch it as soon as possible.

If you use a DNS Server, my recommendation is to use the following command to figure out whether it has been patched or not. If it is not, STOP using it and have a look at this post on OpenDNS for more info.

Use the following DIG command on UNIX


dig +short @{name-server-ip} porttest.dns-oarc.net txt
dig +short @ns1.example.com porttest.dns-oarc.net txt
dig +short @208.67.222.222 porttest.dns-oarc.net txt


and you should get a result similar to this…


nishv@nishv.com [~]# dig +short @208.67.222.222 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.217.8 is GREAT: 26 queries in 2.1 seconds from 26 ports with std dev 20119"

Or something like this…

nishv@nishv.com [~]# dig +short @4.2.2.2 porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.4.25 is GOOD: 26 queries in 1.9 seconds from 26 ports with std dev 3880"


If you don’t get GREAT or GOOD and gets something like POOR, you should immediately stop using it.

If you manage that DNS server, patch it or decommission it!

This is how to check on Windows

Open up command prompt by going Start --> Run --> CMD or on Vista typing CMD on the Start Search box


nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP


You must see the GREAT or GOOD, if not your DNS Server is compromised.

You can see Dan Kaminsky’s presentation below…

www.youtube.com/watch?v=B0dHDD9fFM4

Sky Broadband is aimed for home users thus a few features like SSH (Port 22), VPN and other tunneling are disabled by the router (NETGEAR DG834GT) they provide. If you want to use these features, you have two choices…

• Use another Router
• Re-flash the firmware of the Sky Router (NETGEAR DG834GT)

Re-flashing the router is risky and I am sure it is against Sky’s Terms and Conditions, because as far as I’m aware, that router is a property of Sky. If you are thinking of doing it, then Good Luck!

Using another router is the smartest thing to do, But for you to use another router, you do need the Sky Username and Password.

This is how you get the Sky Username and Password…

Open up your browser and Copy and paste the following URL to the Address Bar. (Make sure its in one line, not two!)

It will ask for Username and Password, use the follwoing unless you have changed your Router Login info, then use that.

Username:admin
Password: sky

You will get a page that reads “Usage: ping [OPTION]… host”

Now Copy and paste the following URL to the Web Browser’s Address Bar.

http://192.168.0.1/netgear.cfg

This will then download a config file, “netgear.cfg”

Open the file with wordpad or any other Text Editor.

You should see some text like this below :

pppoa_username=001122aabbcc@skydsl
pppoa_password=a0b1c2d4e5
pppoa_idle=0
pppoa_ipaddr=


That’s it, Use those above info with another router, and you should be able to connect to Sky Broadband.

It is pretty easy when it comes to gaining root password to any Linux System as long as you have physical access.

This is how to change Fedora’s ROOT Password.

When your box starts up, You will see the GRUB screen…

What you need to do is, press the a Key instead of Enter

You will see something like the following…

kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/ acpi=on rhgb quiet

Add 1 at the end of that… So it looks like the following…

kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/ acpi=on rhgb quiet 1

This will make the box boot into Runlevel 1

You simply type

passwd

Enter the new ROOT password and reboot the machine.

Same thing goes for Any Linux System as welll… All you got to do is, add the following kernel argument…

init=/bin/bash

And then just change the password…

I had a problem installing the BisonCam Driver on my ASUS Laptop running Windows Vista, The XP driver didn’t work at all and I expected that…

This is how I got it working…

Download the driver in the following location and install it.

http://www.fnode.com/drivers/Bison_Camera_Vista32_NB.zip

Then you need to Reboot. Do NOT avoid to reboot because you are too lazy, otherwise it won’t work!

After that, you need to make some registry modifications. Easy way to do it is to copy the registry code into notepad and save it as a .reg file. After that, just double click the .reg file and apply the registry modification. (Copy the code in between Registry Info tag)

You can also download the .reg file Here.

The Cam might show the picture as upside down, All you got to do is a Verticle Flip, Its on the Option ==> Video Capture Filter ==> Rotation


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cam5603D]
“SensorType”=dword:0000000a
“LensType”=dword:0000000c
“ImageSize”=dword:00000001
“ViewSize”=dword:00000a50
“SnapItem”=dword:00000000
“MPTest”=dword:00000000
“RGB24″=dword:00000000
“WideScreen”=dword:00000000
“DeviceOffOn”=dword:00000000
“CpuUsage”=dword:00000000
“DcOffset”=dword:00000000
“AeTable”=dword:00000000
“PCB_SIZE”=dword:00000001
“PropShowItem”=dword:00000000
“SXGASize”=dword:00000001
“BlockS3S4″=dword:00000000
“AETarget”=dword:00000000
“FlikerLim”=dword:00000000
“InterpolationMethod”=dword:00000000
“ADC”=dword:00000000
“DC_Level”=dword:00000000
“Gama_Offset”=dword:00000000
“ImageEffect”=dword:00000000
“ChkPacketHdr”=dword:00000000
“SaBase”=dword:00000006
“SaDivitor”=dword:00000006
“SensorYUYV”=dword:00000000
“AvgAE”=dword:00000000
“Timer1″=dword:0000000a
“Timer2″=dword:0000005a
“PowerDown”=dword:00000000
“DoXPC3″=dword:00000001
“Do2KC3″=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\BisonCam]
“AgcGainType”=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WebCam\M2000]
“StillImage”=dword:0000000a
“MultiLangID”=dword:00000009

Starting Windows XP with Number Lock ON is a pretty simple registry tweak. All you got to do is the following…

Click Start ==> Run and Type REGEDIT

Navigate to the following Registry tree

KEY_USERS/.DEFAULT/Control Panel/Keyboard

Change the value of the key InitialKeyboardIndicators to 2 (initially is it set to 0)

That’s it, When you reboot XP again, Number Lock should be on!

I have been experiencing some strange issue with Adobe software, when I launch it, there will be a program called AdobeUpdater.exe will automatically executes.

This .exe will use about 99% of the CPU runtime and will not be able to kill it via Process Kill, which means a reboot is eminent.

I have tried two methods, one worked, one didn’t

I Renamed updater.api under C:\Program Files\Adobe\Acrobat 8.0\Acrobat\plug_ins

That didn’t work at all…

Than I tried renaming AdobeUpdater.exe to AdobeUpdater2.exe under

C:\Program Files\Common Files\Adobe\Updater5

Which seems to work and hence this is a temporary solution.

According to my research, Adobe is aware of this problem so, I guess they will be releasing a patch soon…

Windows Live Call is a resource hog, unless you use this feature there is no need to have it. And it takes about 40 MB of the RAM. Removing Live Call will make the Live Messenger sign in much faster.

Before starting, Shutdown Live Messenger and make sure it is not running. (make sure the icon is not on the taskbar)

You should first remove all the Windows Live Messenger Shortcuts. Here are the common places where you would have a Messenger Shortcut.

Desktop: If you have other user account, its worth deleting it.

Program List: C:\Documents and Settings\USERNAME\Start Menu\Programs

Then go to the Windows Live Messenger Install Directory, C:\Program Files\MSN Messenger

And remove the following Files and move them into a Directory of your choice. (just make one into the WLM install Directory)


htc.8.1.0178.00.dll
livecall.exe
pcsexeps.dll
softphone.dll
softphoneps.dll
softphoneres.dll

Now, you can create your shortcut again manually, It should stop Live Messenger from repairing the files. Follow this link on creating shortcuts http://support.microsoft.com/kb/140443

NB: I have also removed and recreated the following registry, I don’t think there is a need to do it, but If livecall.exe starts again, you can try this method again…

Software\Microsoft\Windows\CurrentVersion\Run

You can either use Startup Control Panel or follow the instructions on this URL http://support.microsoft.com/kb/270035